ai artificial-intelligence-2228610_1920.jpg

The Seven Uses of Artificial Intelligence in Operational Risk

This blog post was contributed by Meetig8 member Dr Ariane Chapelle, author, academic, trainer and a highly experienced consultant to financial services companies on operational risk and enterprise risk management. Her most recent book, “Operational Risk Management: Best Practices in the Financial Services Industry”, is available on Amazon and

From suggesting online purchases to music to the ads you see when browsing the web, big data, data mining, machine learning (ML) and artificial intelligence (AI) has revolutionized the way we live. This data revolution is now gaining traction in the financial services industry, with data being used to understand retail consumers’ needs and thus helping the industry design better products, provide more tailored advice and propose more attractive commercial offerings. Equally, application of modern data science to risk management is now developing rapidly, providing positive outlook to the understanding, measurement and management of operational risk in particular.

Data analytics in risk management, when used well, can be helpful to identify or confirm drivers of probabilities and impacts of incidents. Better and deeper analyses is now possible thanks to extensive volumes of digital data gathered from various sources such as mobile applications and online interfaces, coupled with extended computational power able to treat and analyse these large volumes of data.

The regulatory reform leading to the upcoming removal of the AMA (Advanced Measurement Approach) for the calculation of operational risk capital, to be replaced by the SMA (Standardized Measurement Approach) has shifted some of the modeling efforts to analytics aimed at better informing management through quantitative evidence. This is a surprisingly positive effect of a questionable reform. Though still at its infancy, several Tier 1 banks and risk software providers are starting to apply ML and AI in various aspects of operational risk. These include:


1. Identifying fraud, breaches and abnormal patterns

Credit card companies have detected fraud through abnormal patterns of behaviours for decades, blocking transactions that do not fit the recorded profile of a customer. Similar methods have been generalised to detection of rogue trading, money laundering activities, or other suspicious transactions in banking, insurance and brokerage activities. Typical key risk indicators of fraud relate to deviations from the norm. Increased data availability and refined analytics allow the generalization of pattern identification and clusters to improve detective controls.


2. Categorizing operational risk incidents and customer complaints

An international bank is currently piloting language recognition techniques to its event description section of its incidents database tovalidate the categorisation of incidents on record, using Natural Language Processing (NLP), then reallocating incidents to the correct category when necessary. Additionally, it runs text analysis on root causes information of past incidents to provide a mapping of causes per incident type, highlighting the relevant risk factors at play. Incidents are also tagged when related to third party or to reputation damage for a better understanding of the external causes and of the possible impact of certain types of incidents versus others.

Another large retail bank piloted a machine learning programme using NLP on customer complaints for their mortgage business, in order to categorise automatically the nature of the complaint and allocate it to the right service for quicker treatment.


3. Validating Key Risks Indicators (KRIs) to identify or confirm risk drivers

Most KRIs used currently in the industry are based on best guesses, intuition and experience, but lack evidence provided by hard data.  We tend to assume that lack of familiarity in processes, tiredness, overtime, or resources stretch increases human errors, but we don’t know exactly how and by how much. We assume that failures of key controls, missing steps in due diligence process or lack of maintenance are predictive KRIs for security incidents, third party failure or system downtime, but empirical evidence is lacking about the existence and magnitude of these factors. More data joined with causal analysis would, at long last, provide the evidence needed to validate these KRIs and make it more meaningful for interpretation.


4. Recommending compliance and controls

“RegTech” applications pride themselves in the use of AI technology to monitor regulatory requirements and identify gaps in firms, thus informing remediation options that can be pursued. Besides the regulatory context, using machine learning to analyse patterns of failures among the causes and nature of past incidents could lead to recommendations of controls for activities and processes presenting similar features.


5. Identifying risk interdependencies

Correlations between various non-financial risks are a domain still largely unexplored in the financial services, unable then to exploit any diversification benefit, or avoid unwanted concentration. Advanced firms are using risk networks representation in an attempt to manage their non-financial risks at a portfolio level. Data science can help identify interdependencies and thus better mitigate risks within portfolios as well as among different sets of portfolios.


6. Improving resources allocation

A better understanding of the risks should necessarily lead to a better allocation of risk management and internal audit resources, concentrating on the most impactful risks rather than small frequent, visible, but quite harmless events. This efficient allocation of resources will mitigate the risk of deviating valuable resources to incidents that have minimal business impact.


7. Improving conduct

Social Physics, pioneered by Professor Alex Pentland of MIT, brings data analytics in the field of social science, using tracking devices on cooperating individuals to understand the role-influencing factors of human behaviours, particularly through social interactions. Its application in the financial services industry, in particular to drive conduct and right behaviour, is a nascent and promising idea.

Many sectors have started to explore and exploit the benefits of data science, powered by new technologies and the volumes of data that can be captured and treated. Meetig8 is a good example of disruptive innovation using AI to find and recommend the best match between risk and compliance candidates and job offers, saving time and helping with efficient resource allocation.

For every process, the quality of output depends essentially on the quality of input. Large volumes of reliable data is the primary condition for AI to work; the more incidents, risk factors and contextual data to analyse, the more accurate the findings for better risk management.


Need help?

From operational risk to digital risk to change management, Meetig8 has experts you can call on demand to help your business succeed. Ask for a demo by contacting us at or register as a client today and post your job requirement at